Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Practical Cryptography for a Peer-to-Peer Web Browsing System A. Pokluda Cheriton School of Computer Science University of Waterloo CS758 Cryptography and Network Security Project
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Outline Introduction 1 Cryptography in P2P Systems 2 Cryptography in Real-World Peer-to-Peer Systems Message Stream Encryption A P2P Web Browsing System 3 Identify Security Requirements Satisfy Security Requirements A Brief Introduction to Elliptic Curve Cryptography Comparison of Implementations in C 4
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Overview of Project Objectives Perform a brief survey of the protocols and schemes used 1 in real-world peer-to-peer systems Identify the general security related requirements for a new 2 1 peer-to-peer web browsing system and identify the cryptographic protocols that meet those security requirements. Identify one or two schemes to solve each problem that 2 meet the security requirements. These may be the same schemes that are used in current peer-to-peer systems or are new schemes obtained from the literature. Compare production-level implementations in C and 3 evaluate them on a number of criteria: level of security; CPU time and memory requirements; and performance over limited bandwidth network connection.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Overview of Project Objectives Perform a brief survey of the protocols and schemes used 1 in real-world peer-to-peer systems Identify the general security related requirements for a new 2 1 peer-to-peer web browsing system and identify the cryptographic protocols that meet those security requirements. Identify one or two schemes to solve each problem that 2 meet the security requirements. These may be the same schemes that are used in current peer-to-peer systems or are new schemes obtained from the literature. Compare production-level implementations in C and 3 evaluate them on a number of criteria: level of security; CPU time and memory requirements; and performance over limited bandwidth network connection.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Overview of Project Objectives Perform a brief survey of the protocols and schemes used 1 in real-world peer-to-peer systems Identify the general security related requirements for a new 2 1 peer-to-peer web browsing system and identify the cryptographic protocols that meet those security requirements. Identify one or two schemes to solve each problem that 2 meet the security requirements. These may be the same schemes that are used in current peer-to-peer systems or are new schemes obtained from the literature. Compare production-level implementations in C and 3 evaluate them on a number of criteria: level of security; CPU time and memory requirements; and performance over limited bandwidth network connection.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Cryptography in Real-World Peer-to-Peer Systems Skype Key Agreement RSA with 1536- to 2048-bit key lengths Block Cipher 256-bit AES Public-Key Infrastructure The Skype “login server” performs the role of TA and certifies user public keys Skype is proprietary, closed-source software and all network traffic is encrypted. There have been some efforts to document the Skype peer-to-peer architecture, but not much is known about the inner-workings of Skype software.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Cryptography in Real-World Peer-to-Peer Systems BitTorrent Most current BitTorrent clients use a custom encryption scheme known as “Message Stream Encryption” (MSE) Key Agreement Diffie-Hellman with 768-bit key lengths Block Cipher RC4 Public-Key Infrastructure None; New public keys are generated for each session Hash Functions Content is located using .torrent metainfo files containing an index of data chucks needed to reconstruct a file or set of files and their SHA-1 hash values; A metainfo file itself is identified by the SHA-1 hash of the index (known as an info hash )
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Message Stream Encryption Context Diffie-Hellman Parameters p is a published, 768-bit safe prime, 0xFF ...63 Generator G is 2 r A and r B are random ints between 128- and 180-bits long Public key of A is Y A = G r A mod p Public key of B is Y B = G r B mod p The shared secret is S = Y r B mod p = Y r A mod p A B Constants/Variables PadA and PadB are random data with length 0-512 bytes T info hash is the info hash of the torrent VC is a verification constant defined to be 8 bytes set to 0
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Message Stream Encryption Operation Alice Bob Y A = G r A mod p Y A , PadA Y B = G r B mod p Y B , PadB S = Y r A S = Y r B mod p mod p B A K A = H ( ‘keyA’ , S , T info hash ) K A = H ( ‘keyA’ , S , T info hash ) K B = H ( ‘keyB’ , S , T info hash ) K B = H ( ‘keyB’ , S , T info hash ) H ( ‘req1’ , S ) , H ( ‘req2’ , T info hash ) ⊕ H ( ‘req3’ , S ) , e K A ( VC ) e K B ( VC )
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Basic Architecture At the outer level c c users will use their web c browsers to communicate with the S S peer-to-peer Web software c At the inner level S S c instances of the peer-to-peer Web c software will S S communicate with each other using a c peer-to-peer network c c overlay
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Identify Security Requirements New Challenges We are designing a new system from scratch We can learn from existing systems, such as BitTorrent However, there are several fundamental differences between a web browsing system and BitTorrent from a security perspective : BitTorrent provides no way to verify the identity of the source of a content BitTorrent provides no way to update content once it has been released
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Identify Security Requirements What Protocols Are Needed? Like BitTorrent, We can secure peer to peer communications from eavesdropping by using a key agreement scheme and block cipher We can locate content using a hash function Unlike BitTorrent, We can bind the identity of an author to content using a signature scheme We need a public key infrastructure to support the verification of signatures Side Note In a distributed system such as this, a Web of Trust is preferable to a TA.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Identify Security Requirements What Protocols Are Needed? Like BitTorrent, We can secure peer to peer communications from eavesdropping by using a key agreement scheme and block cipher We can locate content using a hash function Unlike BitTorrent, We can bind the identity of an author to content using a signature scheme We need a public key infrastructure to support the verification of signatures Side Note In a distributed system such as this, a Web of Trust is preferable to a TA.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Identify Security Requirements What Protocols Are Needed? Like BitTorrent, We can secure peer to peer communications from eavesdropping by using a key agreement scheme and block cipher We can locate content using a hash function Unlike BitTorrent, We can bind the identity of an author to content using a signature scheme We need a public key infrastructure to support the verification of signatures Side Note In a distributed system such as this, a Web of Trust is preferable to a TA.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Satisfy Security Requirements Schemes Implementing the Protocols Key Agreement Diffie-Hellman Block Cipher AES Hash Function SHA-256, MD6 Signature Scheme ElGamal, DSA Public Key Infrastructure custom based on DHT The Diffie-Hellman, ElGamal, and DSA schemes can be implemented in a Finite Multiplicative Group or on an Elliptic Curve over a Finite Field .
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary Satisfy Security Requirements A Brief Introduction to Elliptic Curve Cryptography An Elliptic Curve Over R 2 Definition An Elliptic Curve is the set E of solutions ( x , y ) ∈ R 2 to the equation y 2 = x 3 + ax + b together with a special point called the point at infinity .
Recommend
More recommend